<?php
session_start();

// 登录失败次数和锁定逻辑
// $max_attempts = 3;
// $lock_minutes = 15;
// $locked = false;
// if (!isset($_SESSION['login_attempts'])) $_SESSION['login_attempts'] = 0;
// if (!isset($_SESSION['lock_time'])) $_SESSION['lock_time'] = 0;
// if ($_SESSION['login_attempts'] >= $max_attempts) {
//     if (time() - $_SESSION['lock_time'] < $lock_minutes * 60) {
//         $locked = true;
//     } else {
//         $_SESSION['login_attempts'] = 0;
//         $_SESSION['lock_time'] = 0;
//         $locked = false;
//     }
// }

// 生成验证码
if (!isset($_SESSION['captcha'])) {
    $_SESSION['captcha'] = rand(1000, 9999);
}
if (isset($_GET['refresh_captcha'])) {
    $_SESSION['captcha'] = rand(1000, 9999);
    header('Content-type: image/png');
    $im = imagecreatetruecolor(80, 32);
    $bg = imagecolorallocate($im, 255, 255, 255);
    $textcolor = imagecolorallocate($im, 60, 60, 60);
    imagefilledrectangle($im, 0, 0, 80, 32, $bg);
    imagestring($im, 5, 18, 8, $_SESSION['captcha'], $textcolor);
    // 干扰线
    for ($i = 0; $i < 3; $i++) {
        $linecolor = imagecolorallocate($im, rand(100,200), rand(100,200), rand(100,200));
        imageline($im, rand(0,80), rand(0,32), rand(0,80), rand(0,32), $linecolor);
    }
    imagepng($im);
    imagedestroy($im);
    exit();
}

$errorMsg = '';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $captcha = $_POST['captcha'] ?? '';
    $users_file = 'users.json';
    if ($captcha != $_SESSION['captcha']) {
        $errorMsg = '验证码错误';
    } elseif (file_exists($users_file)) {
        $users = json_decode(file_get_contents($users_file), true);
        if (is_array($users)) {
            foreach ($users as $user) {
                if ($user['username'] === $username && password_verify($password, $user['password'])) {
                    $_SESSION['username'] = $username;
                    $_SESSION['role'] = $user['role'];
                    header("Location: index.php");
                    exit();
                }
            }
        }
        $errorMsg = '用户名或密码错误';
    } else {
        $errorMsg = '用户数据文件不存在';
    }
    // 每次登录尝试都刷新验证码
    $_SESSION['captcha'] = rand(1000, 9999);
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>登录系统</title>
    <meta charset="UTF-8">
    <style>
        body {
            font-family: Arial, sans-serif;
            display: flex;
            justify-content: center;
            align-items: center;
            height: 100vh;
            margin: 0;
            background-color: #f0f2f5;
        }
        .login-container {
            background: white;
            padding: 20px;
            border-radius: 8px;
            box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
            width: 300px;
        }
        .form-group {
            margin-bottom: 15px;
        }
        input[type="text"], input[type="password"] {
            width: 100%;
            padding: 8px;
            margin-top: 5px;
            border: 1px solid #ddd;
            border-radius: 4px;
            box-sizing: border-box;
        }
        button {
            width: 100%;
            padding: 10px;
            background-color: #1677ff;
            color: white;
            border: none;
            border-radius: 4px;
            cursor: pointer;
        }
        button:hover {
            background-color: #4096ff;
        }
        .error {
            color: red;
            margin-bottom: 10px;
        }
        .captcha-img {
            height: 32px;
            vertical-align: middle;
            cursor: pointer;
            border-radius: 4px;
            border: 1px solid #eee;
            margin-left: 8px;
        }
        .captcha-group {
            display: flex;
            align-items: center;
        }
    </style>
</head>
<body>
    <div class="login-container">
        <h2>用户登录</h2>
        <?php if ($errorMsg) echo '<div class="error">'.$errorMsg.'</div>'; ?>
        <form method="POST" action="">
            <div class="form-group">
                <label for="username">用户名：</label>
                <input type="text" id="username" name="username" required>
            </div>
            <div class="form-group">
                <label for="password">密码：</label>
                <div style="position:relative;display:flex;align-items:center;">
                    <input type="password" id="password" name="password" required style="flex:1;padding-right:36px;">
                    <button type="button" id="togglePwd" style="position:absolute;right:8px;top:50%;transform:translateY(-50%);background:none;border:none;cursor:pointer;font-size:18px;color:#888;line-height:1;height:28px;width:28px;display:flex;align-items:center;justify-content:center;" tabindex="-1">👁</button>
                </div>
            </div>
            <div class="form-group captcha-group">
                <input type="text" id="captcha" name="captcha" placeholder="验证码" maxlength="4" required style="flex:1;">
                <img src="login.php?refresh_captcha=1&_t=<?php echo time(); ?>" class="captcha-img" id="captchaImg" title="看不清？点击刷新">
            </div>
            <button type="submit" id="loginBtn">登录</button>
        </form>
        <script>
        document.getElementById('togglePwd').onclick = function() {
            var pwd = document.getElementById('password');
            if (pwd.type === 'password') {
                pwd.type = 'text';
                this.textContent = '🙈';
            } else {
                pwd.type = 'password';
                this.textContent = '👁';
            }
        };
        document.getElementById('captchaImg').onclick = function() {
            this.src = 'login.php?refresh_captcha=1&_t=' + Date.now();
        };
        </script>
    </div>
</body>
</html> 